Latest Dropbox beta adds 2-step verification

Many of us use Dropbox in varying capacities (see what I did there?), and when we do, we often use it as crucial backup storage for data that's important to us. If it wasn't important, we probably wouldn't bother backing it up now would we? If you take your security seriously, and by now we hope you all do, you should be jumping for joy that Dropbox has added 2-step verification sign in to its latest betas.

The latest Dropbox beta follows the same principle that Google's 2-step verification does. In order to access your account you need two things: 1) something you know -- your password and 2) something you have -- your phone. And there's really no reason not to take security into your own hands and add that second level in order to help prevent the worst from happening. If you haven't already, go pick up the Dropbox app from the Google Play Store at the link above, and if you're interested in setting up 2-step verification for your account, see us after the break for a more in-depth explanation.

After downloading the beta application to your desktop from the Dropbox forum (Windows, Mac and Linux all represented) and installing it, you'll have the option to turn on 2-step verification in your settings panel on the Dropbox website. Turn it on, enter your Dropbox password to authorize and choose how you'd like to receive password codes as your 2nd step.

In the same way as Google's option, you'll be able to choose from being sent text messages with codes, or using a time-based one-time password generator. If you've already set up Google's 2-step authentication, you've likely installed the Google Authenticator app, and this app will work perfectly for Dropbox as well. Select the option to use a mobile phone app, and you'll be presented with a barcode. In the Google Authenticator app, tap the settings button in the top right and tap "Add account" then "Scan barcode". Scan the code on your computer and your Dropbox app will now be linked to Google Authenticator and start generating codes.

Upon entering a code to initialize the service, you'll be given an "emergency backup code". This is analogous to Google's one-use passwords, and will get you back into your account if your phone is ever stolen or unlinked from your account without your knowledge. Keeping this code safe should be put high on your priority list, as it's your last line of defense for getting into your account should it be accessed by another person. Dropbox recommends writing it down on paper and storing it somewhere safe -- but everyone has their own system that works here.

That's it! Now you're set up with a vastly more secure way to access your important files on Dropbox. To give it a try, attempt logging into Dropbox and use the Google Authenticator app to generate a code. This works just fine when authorizing the Dropbox app on Android as well -- when prompted for a code, hit the home button and go to your Google Authenticator, look at the code, then switch back to Dropbox and enter it.

Once you've authenticated the Dropbox app on your device, everything else works normally. If you set it up in the settings, automatic photo uploads will happen in the background, and be automatically downloaded again on your computer.

According to Dropbox, there's no need for "application specific passwords" like with Google 2-step. I'd assume it's built into Dropbox's API so that anyone using it automatically can accept 2-step verification. It's worth taking a look at the beta forum posts to see if anyone has some experience with it.

And how am I supposed to remember this one-use password? And I imagine it's convoluted and obscure and thus hard to remember? Imagine being drunk or hung over after some stripper or hooker in Vegas steals your wallet and phone. Not that that's ever happened to me... I'm speaking hypothetically of course...

Yes, the password is random and obscure, which helps so that no one can guess it.

The idea is that you'll print off (or write it down) the one-use password and put it somewhere safe (think like... a safe). Another good option in addition to this is saving it somewhere secure on a computer, like an encrypted volume on your hard drive that is also backed up off-site. This way you have multiple safe and secure ways to access the one-use password should your phone get stolen or lost.

Not to be rude, but most people don't go on that kinda bender, and if you do you should probably think ahead and leave the phone behind... Certainly not gonna need it (nor will it survive) if you're getting ripped off by hookers while unconscious. A more credible example would be simply getting mugged while traveling. If that's a concern and you can't survive without Gmail/Dropbox for a few days you can just leave the one time codes in a safe at the hotel room or something like that. There's more upsides than downsides to two step verification though. I wouldn't be surprised if pretty soon it becomes a requirement to access many bank accounts online.

2-step verification is cool and all, but I'd hate to be in a situation where my phone is stolen and I can't even access my phonebook on a nearby computer (not to mention plethora of other google services), because I have 2-step sign in on on my google account. I'm all for security, but phones getting stolen/lost/broken or even drained battery in an emergency situation - that's scary.

Both Google and Dropbox offer one-use passwords that don't expire that you can use to log into your accounts. They both recommend that you write them down or print them off and have them available if your phone is ever lost or stolen or you forget your password.

so you write them down and keep them where? and when you're traveling? in your wallet? in your travel bag? and thus defeating the purpose and actually INCREASING the security threat vulnerability even more than before you enabled the 2-step?

Hmmmm... How about just creating a really long and obscure password to begin with to log in to Dropbox. That way it is harder to crack and you don't have to worry about two step authentication. Just saying.

It doesn't matter how long and complicated your password is if someone breaks into Dropbox's password storage (very unlikely, but still) and takes your password. It also doesn't matter if you have a piece of malware or a keylogger on your computer (or router, or friend's router, or public WiFi AP), or visit a spoofed site, or are the victim of a man-in-the-middle attack and someone takes your password.

This goes for all sites, not just Dropbox. Yes making a long complicated randomized password helps security (quite a bit), but it doesn't mean anything if the site's backend gets hacked or your password is taken by one of the numerous common methods. There's no reason to put your security solely in the hands of the site if you have the option to put it in your own as well.

It's the idea of needing something you know and something you have in order to get into your account that keeps it much more secure. Someone would have to know your Dropbox login, steal your password and steal your phone in order to get into your account.

Portions of this page are modifications based on work created and shared by the Android Open Source Project
and used according to terms described in the Creative Commons 2.5 Attribution License. AndroidCentral is an independent site
that is not affiliated with or endorsed by Google.